Our ADS/LDAP tree is organized using location: ou=Moscow, cn=user1, cn=user2, .... ou=Stavanger, cn=user1, cn=user2, ...
We will have at least one OTRS "agent" per location, with the rest of the users being "customers". Moving admin users to another common baseDN is not an option either due to group policies etc. If I could only find the code which allows this agent registration, I could comment it out and the problem would be solved... Thomas >-----Original Message----- >From: Robert Kehl [mailto:[EMAIL PROTECTED] >Sent: Thursday, March 25, 2004 3:31 PM >To: User questions and discussions about OTRS. >Subject: Re: [otrs] Limit Agent user registration > > >On Thursday, March 25, 2004 2:43 PM >Thomas Nilsen <[EMAIL PROTECTED]> wrote: >> Auto registration might be the wrong term. But since we have set up >> AD as the main authentication source for both customers and agents, >> and using the same base dn, customers can then log on as agents as >> well by just entering their usernames/passwords twice. The first time >> they get the message: "Useraccount activated, retry.". Then they can >> log on to the agent front-end... They won't see any queues or >> anything, but we still don't want them to be able to register as >> agents. > >Ah, I see. This is the synchronization from LDAP to DB. Kinda >auto-regging indeed, yes. > >How to prevent this? Put your customers in their own group - it's that >simple. Do not use the same baseDN. >Example: >Assuming, your Agents are here: >ou=People,ou=Headquarter,dc=example,dc=com >Your Customers are here (or at least should be) >ou=Customers,ou=Headquarter,dc=example,dc=com >The BaseDN you used to be using is: >ou=Headquarter,dc=example,dc=com > >Now, use this for the BaseDN when it comes to Customers: >ou=Customers,ou=Headquarter,dc=example,dc=com >And this one, when it comes to Agent AUTH: >ou=People,ou=Headquarter,dc=example,dc=com > >If you have both your Agents and your Customers cluttered in: >ou=People,ou=Headquarter,dc=example,dc=com >Then it's time for a cleanup, I presume. > >I believe there must be another way to logically distinguish your >Customers from your Agents in your AD, but I know too little of it, >sorry. If the above is no option at all, we'll dig further. > >hth, > >Robert Kehl > >-- >((otrs.de)) :: OTRS GmbH :: Norsk-Data-Str. 1 :: 61352 Bad Homburg > http://www.otrs.de/ :: Tel. +49 (0)6172 4832388 > >_______________________________________________ >OTRS mailing list: otrs - Webpage: http://otrs.org/ >Archive: http://lists.otrs.org/pipermail/otrs >To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs >Support oder Consulting f�r Ihr OTRS System? >=> http://www.otrs.de/ > DISCLAIMER: This message contains information that may be privileged or confidential and is the property of the Roxar Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorised to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. _______________________________________________ OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs Support oder Consulting f�r Ihr OTRS System? => http://www.otrs.de/
